<%@ page pageEncoding="UTF-8"%>
<%@ include file="import.jsp"%>
<%!
	// 开放的不受检测权限的页面
	static final List<String> extraList = Arrays.asList("/index.jsp", "/error/404.jsp", "/error/500.jsp", "/quit.jsp", "/palace/user/change_password.jsp");
%>
<%
	Integer hospital = -111;
	Object checkUser = (Object) session.getAttribute("user");
	if (checkUser == null) {
		response.sendRedirect("/login.jsp");
		return;
	}
	if (session.getAttribute("roles") != null) {
		boolean isIllegal = false;
		List<Privilege> list = (List<Privilege>)session.getAttribute("roles");
		for (Privilege p:list) {
			if (Tools.getDesc(p.getUrl()).equals(path))
				isIllegal = true;
		}
		if (!isIllegal && !extraList.contains(path)) {
			alertMsg(out, "您无权访问该地址", "/index.jsp");
			return;
		}
	}
	List validateUsersList = new ArrayList();
	if (session.getAttribute("user") instanceof ManageUser) {
	    ManageUser manageUser = (ManageUser) session.getAttribute("user");
		List<Long> numList = QBuilder.db("basedb").select("count(*)").from("ManageUser").where(new Where("id = ",manageUser.getId()).and("session_id = ",manageUser.getSessionId())).query().getResultObj();
		if(numList.get(0) != 1){
			response.sendRedirect("/login.jsp");
			return;
		}
		hospital = manageUser.getHospital();
		String ValiUserName = manageUser.getUserName();
		String ValiPassword = manageUser.getPassword();
		validateUsersList = QBuilder.db("basedb").select().from("ManageUser").where(new Where("userName=", manageUser.getUserName()).and("password=", manageUser.getPassword()).and("status=", 1)).query().getResultObj();
	} else if (session.getAttribute("user") instanceof User) {
		User user = (User) session.getAttribute("user");
		hospital = user.getHospital();
		String ValiUserName = user.getUserName();
		String ValiPassword = user.getPassword();
		validateUsersList = QBuilder.db("basedb").select().from("User").where(new Where("userName=", user.getUserName()).and("password=", user.getPassword()).and("type=", 200).and("status=", 1)).query().getResultObj();
	}
	if (isEmpty(validateUsersList)) {
		session.removeAttribute("user");
		alertMsg(out, "非法登录", "/index.jsp");
		return;
	}
	input.setDesc("hospital", hospital + "");
	if (!act.equals("-999")) {
		Tools.print(out, invoke(this, camelName(act), input));
		return;
	}
%>
